Having Issues retrieving certain users on Deployment Server...

  • Question

  • User-1464883749 posted

    Hi All,

    I've been trying to get a website running using Active Directory for validating members in our domain, and so far I've created an Active Directory helper class which manages all the DirectoryServices objects that I use to find users in our domain, users that are members of groups, organization units, emails, full names, and other data from AD users.

    The website launches correctly. I have a page load method which checks if the user is part of a group and, if not, redirects them to another page. My problem arose when I deployed the website to a 1dev1 server that we have for deploying websites for testing. Basically, if I open my browser from my computer and I'm an administrator in the network, I'll be able to open the website and all the groups that I'm a member of are retrieved; however, if I log in with another user x which is not an admin, it then fails to retrieve the groups for that user. I'm wondering if there's some sort of security that I haven't assigned to either the Application Pool or something else.

    Here's the code that I wrote for the Active Directory piece on my site:  

    using System;
    using System.Collections;
    using System.Collections.Generic;
    using System.DirectoryServices;
    using System.Text;

    public class ActiveDirectoryHelper
    {
        private DirectoryEntry adEntry;
        // Initialised up front so getGroups() does not throw when the user was not found.
        private List<string> groups = new List<string>();

        // userName is passed as a complete filter term, e.g. "anr=dilmerv" (see the log below).
        // It is inserted into the LDAP filter unescaped, so it must come from trusted input only.
        public ActiveDirectoryHelper(string userName, string adPath)
        {
            // Search root; the adEntry field is set from the search result below.
            DirectoryEntry rootEntry = new DirectoryEntry(adPath);
            DirectorySearcher adSearch = new DirectorySearcher(rootEntry);

            adSearch.Filter = String.Format("(&(objectClass=user)({0}))", userName);
            SearchResult searchResult = adSearch.FindOne();

            if (searchResult != null)
                this.adEntry = searchResult.GetDirectoryEntry();
            else
                this.adEntry = null;
        }

        // Not implemented in the original post; left as a stub.
        public static string getFullName(string userName)
        {
            return "";
        }

        public List<string> getGroups()
        {
            // Groups returns null when a memberOf DN has no "=", so guard before splitting.
            String[] names = (Groups ?? string.Empty).Split('|');
            this.groups.Clear();   // avoid duplicating entries on repeated calls
            for (int i = 0; i < names.Length; i++)
            {
                if (names[i] != "")
                    this.groups.Add(names[i]);
            }
            return this.groups;
        }

        public DirectoryEntry DirectoryEntry
        {
            get { return adEntry; }
        }

        // Properties[key] never returns null for an existing entry; only its Value may be null.
        public PropertyValueCollection this[string strKey]
        {
            get { return adEntry == null ? null : adEntry.Properties[strKey]; }
        }

        public bool isUser
        {
            get { return adEntry != null; }
        }

        public String FullName
        {
            get
            {
                if (this["cn"] != null && this["cn"].Value != null)
                    return this["cn"].Value.ToString();
                return string.Empty;
            }
        }

        public String Email
        {
            get
            {
                if (this["mail"] != null && this["mail"].Value != null)
                    return this["mail"].Value.ToString();
                return string.Empty;
            }
        }

        /// <summary>
        /// Returns a String containing all of the Active Directory groups that the AD user is a member of.
        /// The groups are delimited by the | character. Each name is the CN taken from the memberOf DN,
        /// i.e. the text between the first "=" and the first ","; DN escape sequences such as \# are
        /// kept verbatim, and a CN containing an escaped comma would be truncated.
        /// memberOf never lists the user's primary group.
        /// </summary>
        public String Groups
        {
            get
            {
                StringBuilder groupNames = new StringBuilder();

                try
                {
                    int propertyCount = adEntry.Properties["memberOf"].Count;

                    String dn;
                    int equalsIndex, commaIndex;

                    for (int propertyIndex = 0; propertyIndex < propertyCount; propertyIndex++)
                    {
                        dn = (String)adEntry.Properties["memberOf"][propertyIndex];
                        equalsIndex = dn.IndexOf("=", 1);
                        commaIndex = dn.IndexOf(",", 1);
                        if (-1 == equalsIndex)
                        {
                            return null;
                        }
                        if (-1 == commaIndex)
                            commaIndex = dn.Length;   // single-component DN: take the rest of the string
                        groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                        groupNames.Append("|");
                    }
                }
                catch (Exception ex)
                {
                    throw new Exception("Error obtaining group names. " + ex.Message, ex);
                }
                return groupNames.ToString();
            }
        }

        /// <summary>
        /// Returns a string array of the Active Directory groups that the AD user is a member of,
        /// obtained by splitting Groups on the | symbol. Because Groups ends with a trailing |,
        /// the last element of the array is an empty string.
        /// </summary>
        public String[] GetGroups()
        {
            String strGroups = this.Groups ?? string.Empty;
            String[] groups = strGroups.Split('|');
            return groups;
        }

        /// <summary>
        /// Given an Active Directory group returns true if the AD user is part of the group.
        /// </summary>
        /// <param name="group">Active Directory group.</param>
        /// <returns>Boolean true if the AD user is part of the group, else false.</returns>
        public bool IsInGroup(string group)
        {
            String[] hasGroups = this.GetGroups();
            foreach (String str in hasGroups)
            {
                if (str.Equals(group))
                    return true;
            }

            return false;
        }

        /// <summary>
        /// Given an Active Directory group name returns an ArrayList of the distinguished names
        /// of all members (the member attribute holds DNs, not usernames).
        /// </summary>
        /// <param name="groupName">Active Directory group name (inserted into the filter unescaped).</param>
        /// <param name="strRootPath">LDAP Path.</param>
        /// <returns>ArrayList of member distinguished names.</returns>
        static public ArrayList GetADGroupMembers(string groupName, string strRootPath)
        {
            SearchResult result;
            DirectoryEntry objRootEntry = new DirectoryEntry(strRootPath);

            DirectorySearcher search = new DirectorySearcher(objRootEntry);

            search.Filter = String.Format("(cn={0})", groupName);
            search.PropertiesToLoad.Add("member");
            result = search.FindOne();

            ArrayList userNames = new ArrayList();
            if (result != null)
            {
                for (int counter = 0; counter < result.Properties["member"].Count; counter++)
                {
                    string user = (string)result.Properties["member"][counter];
                    userNames.Add(user);
                }
            }
            return userNames;
        }
    }
    
     ADPath is a configuration setting:

    "LDAP://1CFP1/dc=kec,dc=komatsueq,dc=com"

     This is also some logging info I have after creating a file to write my logs:

    This one is for my admin user:

    Username: anr=dilmerv Ad Path: LDAP://1CFP1/dc=kec,dc=komatsueq,dc=com
    Search Collection Member Of: 13
    User Path in AD: LDAP://1CFP1/CN=Dilmer E. Valecillos,OU=.ISDepartment,DC=kec,DC=komatsueq,DC=com
    Search result Username:
    Ad Entry Count: 0
    User Exist: True
    AD Property Count: 13
    Group Names: \# Project Edge 2006|@FinanceRequest|@RebuildTrackingAdmin|\# KDCN|@TruckScheduler|allsubscribers6ddd7553|@Corporate|MSCRM Role (System Administrator)|@ISDepartment|UserGroup|Backup Operators|Administrators|Domain Admins|
     

    This one for the regular user:

    Username: anr=LasVegasBranchUser Ad Path: LDAP://1CFP1/dc=kec,dc=komatsueq,dc=com
    Search Collection Member Of: 0
    User Path in AD: LDAP://1CFP1/CN=LasVegas BranchUser,OU=\#LasVegas,DC=kec,DC=komatsueq,DC=com
    Search result Username:
    Ad Entry Count: 0
    User Exist: True
    AD Property Count: 0
    Group Names:
    Session on check user.isUser: System.Web.SessionState.HttpSessionState Response Val: System.Web.HttpResponse
    AD Property Count: 0
    Group Names:
    Email: LasVegasBranchUser@komatsueq.com Groups #0

    I've tried debugging the code from my localhost and it works fine, and I'm able to hardcode regular users such as the one above, "LasVegasBranchUser", and I do get the groups and missing info, but I have no idea why I can't retrieve that information when I run the website on the server...

     Let me know if you have any suggestions.

     I appreciate it!

    Dilmer Valecillos

    Wednesday, April 1, 2009 10:49 PM

All replies

  • User1293829926 posted

     hi,

    You can achieve this by impersonating your normal user. To do this, add the following tag in web.config under the system.web tag:

    <identity impersonate="true" userName="youradiministratorusername" password="password"/> 

    Wednesday, April 1, 2009 11:55 PM
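As an added example (editor's code, not the poster's class and not the fix the reply proposes), the check a practitioner would want here: log which Windows identity the LDAP bind actually runs under, since that is what differs between the admin and regular-user sessions in the logs above, bind with a dedicated read-only directory account instead of the worker-process or impersonated identity, and escape the username before placing it in the filter. It assumes hypothetical bindUser/bindPassword parameters for that account and a log callback of the caller's choosing.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;
public static class AdGroupCheck
{
    // Escape a value for an LDAP search filter (RFC 4515) so that filter
    // metacharacters in a username are matched literally, not interpreted.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));   // e.g. "*" -> "\2a"
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Resolve memberOf for one account through a dedicated read-only directory
    // account (hypothetical bindUser/bindPassword) instead of whatever identity the
    // worker process or impersonated request happens to have, and log that identity.
    public static List<string> GetMemberOf(string adPath, string samAccountName,
        string bindUser, string bindPassword, Action<string> log)
    {
        log("Identity at bind time: " + WindowsIdentity.GetCurrent().Name);
        List<string> groups = new List<string>();
        using (DirectoryEntry root = new DirectoryEntry(adPath, bindUser, bindPassword,
            AuthenticationTypes.Secure))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectClass=user)(sAMAccountName="
                + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("memberOf");
            SearchResult result = searcher.FindOne();
            if (result == null) { log("User not found"); return groups; }
            // memberOf holds only what the bind identity may read and never the primary
            // group (normally Domain Users); "User Exist: True" with zero entries
            // therefore points at the bind identity, not at the user account.
            foreach (object dn in result.Properties["memberOf"])
                groups.Add(dn.ToString());
            log("memberOf count: " + groups.Count);
        }
        return groups;
    }
}
```

Comparing the logged identity between an admin session and a regular-user session shows whether the server binds as the browser user (impersonation) or as the application pool account; the bind account's password belongs in a protected configuration section rather than in page code or a plaintext identity element.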